diff --git a/disable-dns-test.diff b/disable-dns-test.diff new file mode 100644 index 0000000..681f0d1 --- /dev/null +++ b/disable-dns-test.diff @@ -0,0 +1,15 @@ +--- ./Lib/test/test_socket.py.orig 2008-04-15 08:35:23.000000000 +0200 ++++ ./Lib/test/test_socket.py 2008-04-15 08:35:30.000000000 +0200 +@@ -453,9 +453,9 @@ + # XXX(nnorwitz): http://tinyurl.com/os5jz seems to indicate + # it reasonable to get the host's addr in addition to 0.0.0.0. + # At least for eCos. This is required for the S/390 to pass. +- my_ip_addr = socket.gethostbyname(socket.gethostname()) +- self.assert_(name[0] in ("0.0.0.0", my_ip_addr), '%s invalid' % name[0]) +- self.assertEqual(name[1], PORT+1) ++ #my_ip_addr = socket.gethostbyname(socket.gethostname()) ++ #self.assert_(name[0] in ("0.0.0.0", my_ip_addr), '%s invalid' % name[0]) ++ #self.assertEqual(name[1], PORT+1) + + def testGetSockOpt(self): + # Testing getsockopt() diff --git a/python-2.5.2-from-string-and-size.patch b/python-2.5.2-from-string-and-size.patch new file mode 100644 index 0000000..359b5c5 --- /dev/null +++ b/python-2.5.2-from-string-and-size.patch @@ -0,0 +1,15 @@ +--- python/trunk/Objects/stringobject.c 2008/03/26 12:49:49 61936 ++++ python/trunk/Objects/stringobject.c 2008/04/10 19:50:36 62271 +@@ -55,7 +55,11 @@ + PyString_FromStringAndSize(const char *str, Py_ssize_t size) + { + register PyStringObject *op; +- assert(size >= 0); ++ if (size < 0) { ++ PyErr_SetString(PyExc_SystemError, ++ "Negative size passed to PyString_FromStringAndSize"); ++ return NULL; ++ } + if (size == 0 && (op = nullstring) != NULL) { + #ifdef COUNT_ALLOCS + null_strings++; diff --git a/python-doc.spec b/python-doc.spec index 41d96b8..6093b37 100644 --- a/python-doc.spec +++ b/python-doc.spec @@ -18,7 +18,7 @@ Group: Development/Languages/Python BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: Additional Package Documentation for Python. Version: 2.5.1 -Release: 63 +Release: 66 %define pyver 2.5.2 BuildArch: noarch %define tarname Python-%{pyver} diff --git a/python.changes b/python.changes index a821f51..e436056 100644 --- a/python.changes +++ b/python.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Wed Apr 16 21:20:07 CEST 2008 - matejcik@suse.cz + +- PyString_FromStringAndSize now checks size parameter + (bnc#379534, CVE-2008-1721) + +------------------------------------------------------------------- +Tue Apr 15 09:14:29 CEST 2008 - adrian@suse.de + +- disable DNS lookup test when running in build service. + The XEN build hosts have no network. + ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de diff --git a/python.spec b/python.spec index bc25e36..b9742b9 100644 --- a/python.spec +++ b/python.spec @@ -21,7 +21,7 @@ AutoReqProv: on Obsoletes: python-nothreads python21 python-elementtree python-sqlite Summary: Python Interpreter Version: 2.5.2 -Release: 11 +Release: 14 %define tarname Python-%{version} Source0: %{tarname}.tar.bz2 Source6: README.SUSE @@ -41,6 +41,8 @@ Patch27: python-2.5-https_warn.patch Patch28: python-2.5.2-subprocess-eintr-safety.patch Patch30: python-2.5.1-sqlite.patch Patch31: python-2.5.2-fwrapv.patch +Patch32: disable-dns-test.diff +Patch33: python-2.5.2-from-string-and-size.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %define python_version %(echo %{version} | head -c 3) %define idle_name idle @@ -209,6 +211,10 @@ Python2.x, it is part of the core Python distribution. %patch28 %patch30 %patch31 +%if 0%{?suse_version} +%patch32 +%endif +%patch33 -p2 # some cleanup find . -name .cvsignore -type f -print0 | xargs -0 rm -f find . -name CVS -type d -print0 | xargs -0 rm -rf @@ -481,6 +487,12 @@ rm -rf $RPM_BUILD_ROOT %{_bindir}/python2 %changelog +* Wed Apr 16 2008 matejcik@suse.cz +- PyString_FromStringAndSize now checks size parameter + (bnc#379534, CVE-2008-1721) +* Tue Apr 15 2008 adrian@suse.de +- disable DNS lookup test when running in build service. + The XEN build hosts have no network. * Thu Apr 10 2008 ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support